Earlier this week, British Airways discovered that its website and app had been hacked such that 380,000 people who purchased flights over their http://www.ba.com website or app between August 21st and September 5th had their credit card information stolen. Along with credit and debit card numbers, expiration dates of the cards and the cards security codes, the hackers also obtained their victims’ names, addresses and email addresses. This information would enable the hackers to not only use their victims’ credit cards, but also set up their victims for future scams by contacting them through emails and text messages posing as British Airways or a law enforcement agency pretending to assist with the repercussions of the data breach, but instead either luring the victims into clicking on links and downloading dangerous malware or tricking them into providing personal information that could be used for purposes of identity theft.
Major data breaches have become a way of life for us all and therefore it is important to take whatever steps we can to increase our security in the face of the fact that regardless of how cautious we are, we are only as safe as the various institutions and companies with our information with the weakest security. One important lesson is to never use your debit card for online purchases because the consumer protection laws related to fraudulent use of your debit card are not as strong as those that apply when your credit card is fraudulently used. In addition, we should all monitor our credit card statements regularly to discover any misuse of our cards as soon as possible. The earlier fraudulent use is discovered, the easier it is to correct. Finally, remember my motto, “trust me, you can’t trust anyone.” As I indicated above, following a data breach such as this one, it is common for the victims of the data breach to receive emails or text messages from scammers posing as companies or governmental agencies offering assistance, but often they are merely using the data breach as an excuse to ask for personal information that will be used to make you a victim of identity theft or to lure you to click on a link that will download dangerous malware. If you receive such an email or text message that you think may be legitimate, you only should respond by contacting the real company or governmental agency at an independently confirmed address that you know is accurate to confirm that the message you received was a scam or not.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”